SmartHawk

3.4

中危

61 个模型检测该样本为恶意！

重新分析

下载样本

d72189427c4e17ccdf9d992e0eaccffd7197448a89800b56e51969aeeda3e740

76045ee25aea099b4420e7f16bf969ca.exe

分析耗时

47s

最近分析

文件大小

539.0KB

静态报毒动态报毒 100% ADOPSHEL AGEN AI SCORE=84 AIDETECTVM ATTRIBUTE CLASSIC CONFIDENCE GENASA GENCIRC GENERICRXJJ GENETIC HEDQIB HIGH CONFIDENCE HIGHCONFIDENCE HQW@AC8JE@M ILJ6DN+JC MALWARE1 MALWARE@#3NGNFDRZ49X4P PBZG R06EC0DI220 R329741 RACCOON RACEALER RAZY SCORE SIGGEN2 STATIC AI SUSGEN SUSPICIOUS PE TROJANPSW TROJANPWS TROJANX ULISE UNSAFE ZEXAF 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	TrojanPSW:Win32/Racealer.57e1bc75	20190527	0.3.0.5
Avast	Win32:TrojanX-gen [Trj]	20201229	21.1.5827.0
Tencent	Malware.Win32.Gencirc.10b91a84	20201229	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20201229	2017.9.26.565
McAfee	GenericRXJJ-ZD!76045EE25AEA	20201229	6.0.6.653
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619649257.305307 IsDebuggerPresent		failed	0	0

Downloads a file or document from Google Drive (1 个事件)

domain

drive.google.com

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)

dead_host

103.252.114.101:443

File has been identified by 61 AntiVirus engines on VirusTotal as malicious (50 out of 61 个事件)

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen2.44468
MicroWorld-eScan	Gen:Variant.Razy.618185
FireEye	Generic.mg.76045ee25aea099b
CAT-QuickHeal	Trojanpws.Racealer
ALYac	Trojan.PSW.Racealer
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Spyware ( 005712d51 )
Alibaba	TrojanPSW:Win32/Racealer.57e1bc75
K7GW	Spyware ( 005712d51 )
Cybereason	malicious.25aea0
Arcabit	Trojan.Razy.D96EC9
BitDefenderTheta	Gen:NN.ZexaF.34700.HqW@aC8JE@m
Cyren	W32/Trojan.PBZG-3529
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Spy.Agent.PQZ
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
ClamAV	Win.Malware.Ulise-7344017-0
Kaspersky	Trojan-PSW.Win32.Racealer.dra
BitDefender	Gen:Variant.Razy.618185
NANO-Antivirus	Trojan.Win32.Racealer.hedqib
Paloalto	generic.ml
ViRobot	Trojan.Win32.S.Agent.551936.BT
Tencent	Malware.Win32.Gencirc.10b91a84
Ad-Aware	Gen:Variant.Razy.618185
Sophos	Mal/Generic-S
Comodo	Malware@#3ngnfdrz49x4p
F-Secure	Heuristic.HEUR/AGEN.1127993
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R06EC0DI220
McAfee-GW-Edition	BehavesLike.Win32.Adopshel.hh
Emsisoft	Gen:Variant.Razy.618185 (B)
SentinelOne	Static AI - Suspicious PE
Jiangmin	TrojanSpy.Stealer.cep
eGambit	Unsafe.AI_Score_84%
Avira	HEUR/AGEN.1127993
MAX	malware (ai score=84)
Antiy-AVL	Trojan[PSW]/Win32.Racealer
Gridinsoft	Trojan.Win32.Agent.vb!s1
Microsoft	Trojan:Win32/Racealer.AR!MTB
ZoneAlarm	Trojan-PSW.Win32.Racealer.dra
GData	Win32.Trojan.Raccoon.A
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Raccoon.R329741
McAfee	GenericRXJJ-ZD!76045EE25AEA
TACHYON	Trojan-PWS/W32.Racealer.551936
VBA32	TrojanPSW.Racealer

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-03-05 01:46:23

Imports

Library KERNEL32.dll:

• 0x466088 GetLocaleInfoA

• 0x46608c RemoveDirectoryTransactedA

• 0x466090 GetUserDefaultLCID

• 0x466094 DeleteFileA

• 0x466098 lstrlenA

• 0x46609c GetLastError

• 0x4660a0 HeapAlloc

• 0x4660a4 lstrcpynA

• 0x4660a8 lstrcmpiW

• 0x4660ac GetModuleFileNameA

• 0x4660b0 GetCurrentProcess

• 0x4660b4 GetSystemPowerStatus

• 0x4660b8 CreateMutexA

• 0x4660bc OpenProcess

• 0x4660c0 CreateToolhelp32Snapshot

• 0x4660c4 MultiByteToWideChar

• 0x4660c8 GetSystemWow64DirectoryW

• 0x4660cc GetTimeZoneInformation

• 0x4660d0 OpenMutexA

• 0x4660d4 Process32NextW

• 0x4660d8 GetVersionExA

• 0x4660dc GlobalAlloc

• 0x4660e0 lstrcpyA

• 0x4660e4 GetModuleHandleA

• 0x4660e8 GlobalFree

• 0x4660ec GetSystemInfo

• 0x4660f0 GetLogicalDriveStringsA

• 0x4660f4 GlobalMemoryStatusEx

• 0x4660f8 WideCharToMultiByte

• 0x4660fc GetComputerNameA

• 0x466100 UnmapViewOfFile

• 0x466104 GetFileInformationByHandle

• 0x466108 FileTimeToSystemTime

• 0x46610c CloseHandle

• 0x466110 GetTickCount

• 0x466114 SetStdHandle

• 0x466118 FreeEnvironmentStringsW

• 0x46611c GetEnvironmentStringsW

• 0x466120 GetOEMCP

• 0x466124 GetACP

• 0x466128 IsValidCodePage

• 0x46612c HeapReAlloc

• 0x466130 OutputDebugStringW

• 0x466134 GetEnvironmentVariableA

• 0x466138 GetFileSize

• 0x46613c lstrcpyW

• 0x466140 LoadLibraryW

• 0x466144 GetVersionExW

• 0x466148 lstrlenW

• 0x46614c CreateDirectoryA

• 0x466150 Process32FirstW

• 0x466154 SystemTimeToFileTime

• 0x466158 CreateFileA

• 0x46615c GetFileAttributesA

• 0x466160 LocalFileTimeToFileTime

• 0x466164 SetCurrentDirectoryA

• 0x466168 GetCurrentDirectoryA

• 0x46616c SetFilePointer

• 0x466170 SetFileTime

• 0x466174 WriteFile

• 0x466178 ReadFile

• 0x46617c FindClose

• 0x466180 CopyFileTransactedA

• 0x466184 CreateDirectoryTransactedA

• 0x466188 FreeLibrary

• 0x46618c GetProcessHeap

• 0x466190 LocalFree

• 0x466194 GetProcAddress

• 0x466198 lstrcatW

• 0x46619c LoadLibraryA

• 0x4661a0 LocalAlloc

• 0x4661a4 SetEnvironmentVariableW

• 0x4661a8 ReadConsoleW

• 0x4661ac EnumSystemLocalesW

• 0x4661b0 IsValidLocale

• 0x4661b4 GetTimeFormatW

• 0x4661b8 GetDateFormatW

• 0x4661bc GetConsoleMode

• 0x4661c0 GetConsoleCP

• 0x4661c4 FlushFileBuffers

• 0x4661c8 GetFileSizeEx

• 0x4661cc GetCommandLineW

• 0x4661d0 GetCommandLineA

• 0x4661d4 HeapSize

• 0x4661d8 ExitProcess

• 0x4661dc WriteConsoleW

• 0x4661e0 GetModuleHandleExW

• 0x4661e4 GetModuleFileNameW

• 0x4661e8 GetFileType

• 0x4661ec GetStdHandle

• 0x4661f0 LoadLibraryExW

• 0x4661f4 DeleteFileTransactedA

• 0x4661f8 GetLocalTime

• 0x4661fc HeapFree

• 0x466200 RaiseException

• 0x466204 RtlUnwind

• 0x466208 TerminateProcess

• 0x46620c InitializeSListHead

• 0x466210 GetCurrentThreadId

• 0x466214 GetCurrentProcessId

• 0x466218 QueryPerformanceCounter

• 0x46621c GetStartupInfoW

• 0x466220 SetUnhandledExceptionFilter

• 0x466224 UnhandledExceptionFilter

• 0x466228 IsDebuggerPresent

• 0x46622c IsProcessorFeaturePresent

• 0x466230 GetCPInfo

• 0x466234 GetStringTypeW

• 0x466238 GetLocaleInfoW

• 0x46623c LCMapStringW

• 0x466240 CompareStringW

• 0x466244 DecodePointer

• 0x466248 EncodePointer

• 0x46624c GetSystemTimeAsFileTime

• 0x466250 TlsFree

• 0x466254 TlsSetValue

• 0x466258 TlsGetValue

• 0x46625c TlsAlloc

• 0x466260 SetCurrentDirectoryW

• 0x466264 CreateDirectoryW

• 0x466268 CreateFileW

• 0x46626c DeleteFileW

• 0x466270 FindFirstFileExW

• 0x466274 FindNextFileW

• 0x466278 GetFileAttributesExW

• 0x46627c RemoveDirectoryW

• 0x466280 SetEndOfFile

• 0x466284 SetFilePointerEx

• 0x466288 AreFileApisANSI

• 0x46628c SetLastError

• 0x466290 GetModuleHandleW

• 0x466294 CopyFileW

• 0x466298 FormatMessageW

• 0x46629c EnterCriticalSection

• 0x4662a0 LeaveCriticalSection

• 0x4662a4 DeleteCriticalSection

• 0x4662a8 InitializeCriticalSectionAndSpinCount

• 0x4662ac SwitchToThread

Library USER32.dll:

• 0x4662d0 GetDesktopWindow

• 0x4662d4 wsprintfW

• 0x4662d8 wsprintfA

• 0x4662dc GetSystemMetrics

• 0x4662e0 EnumDisplayDevicesA

• 0x4662e4 GetWindowDC

• 0x4662e8 GetWindowRect

Library GDI32.dll:

• 0x466060 BitBlt

• 0x466064 SaveDC

• 0x466068 SelectObject

• 0x46606c CreateDIBSection

• 0x466070 CreateCompatibleDC

• 0x466074 GetDeviceCaps

• 0x466078 DeleteDC

• 0x46607c RestoreDC

• 0x466080 DeleteObject

Library ADVAPI32.dll:

• 0x466000 GetTokenInformation

• 0x466004 CryptGetHashParam

• 0x466008 CryptDestroyHash

• 0x46600c RegQueryValueExA

• 0x466010 GetUserNameA

• 0x466014 CreateProcessWithTokenW

• 0x466018 OpenProcessToken

• 0x46601c RegOpenKeyExA

• 0x466020 ConvertSidToStringSidW

• 0x466024 DuplicateTokenEx

• 0x466028 RegQueryValueExW

• 0x46602c CryptReleaseContext

• 0x466030 RegCloseKey

• 0x466034 RegEnumKeyExW

• 0x466038 RegOpenKeyExW

• 0x46603c CryptAcquireContextA

• 0x466040 CredEnumerateW

• 0x466044 CredFree

• 0x466048 CryptCreateHash

• 0x46604c CryptHashData

Library SHELL32.dll:

• 0x4662b4 SHGetFolderPathA

• 0x4662b8 ShellExecuteA

• 0x4662bc SHGetSpecialFolderPathW

Library ole32.dll:

• 0x46637c CoInitialize

• 0x466380 CoUninitialize

• 0x466384 CoTaskMemFree

• 0x466388 CoCreateInstance

Library USERENV.dll:

• 0x4662f0 GetUserProfileDirectoryA

Library ktmw32.dll:

• 0x46636c CommitTransaction

• 0x466370 RollbackTransaction

• 0x466374 CreateTransaction

Library bcrypt.dll:

• 0x466324 BCryptDecrypt

• 0x466328 BCryptDestroyKey

• 0x46632c BCryptGenerateSymmetricKey

• 0x466330 BCryptOpenAlgorithmProvider

• 0x466334 BCryptSetProperty

• 0x466338 BCryptCloseAlgorithmProvider

Library CRYPT32.dll:

• 0x466054 CryptStringToBinaryA

• 0x466058 CryptUnprotectData

Library SHLWAPI.dll:

• 0x4662c4 StrCmpNW

• 0x4662c8 StrStrIW

Library WINHTTP.dll:

• 0x4662f8 WinHttpCloseHandle

• 0x4662fc WinHttpSendRequest

• 0x466300 WinHttpConnect

• 0x466304 WinHttpQueryDataAvailable

• 0x466308 WinHttpSetOption

• 0x46630c WinHttpQueryHeaders

• 0x466310 WinHttpOpen

• 0x466314 WinHttpOpenRequest

• 0x466318 WinHttpReceiveResponse

• 0x46631c WinHttpReadData

Library gdiplus.dll:

• 0x466340 GdiplusStartup

• 0x466344 GdipGetImageEncodersSize

• 0x466348 GdipFree

• 0x46634c GdipDisposeImage

• 0x466350 GdipCreateBitmapFromHBITMAP

• 0x466354 GdipAlloc

• 0x466358 GdipCloneImage

• 0x46635c GdipGetImageEncoders

• 0x466360 GdiplusShutdown

• 0x466364 GdipSaveImageToFile

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
drive.google.com	A 103.252.114.101	208.43.170.231
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	56540	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.